Heya,

Sorry about continuing this thread... I noticed a few people discussing this topic and wondering about new ways to look at quarantining hosts. There's a working group within the US Internet2 community that's been working on a generalized architecture and set of white-papers that our member institutions can share.

If you're interested, check out the two drafts that we have so far (SALSA-Netauth working group):

Architecture for Automating Network Policy (PDF)
http://security.internet2.edu/netauth/docs/internet2-salsa-netauth-architect...

Strategies for Automating Network Policy Enforcement
http://security.internet2.edu/netauth/docs/internet2-salsa-netauth-policy-en...

We'd welcome any thoughts, criticism, complaints, praise, etc...

Eric :)